Wolfram Antivirus
Wolfram Antivirus is a rogue antivirus on Microsoft Windows. It tries to scare the user into purchasing the program by displaying fake security warnings and false scan results.

Payload

Wolfram Antivirus configures itself to start automatically by installing a file called csrss.exe in the Windows Startup folder. Once Windows is started, csrss.exe is launched automatically and in turn starts the main executable for this infection, %AppData%\Wolfram Antivirus\Wolfram Antivirus.exe. Once Wolfram is started, it performs a fake scan of the user's computer and reports that numerous infections are present. It then prompts the user to remove these so-called infections, but will not allow the user to do so unless they first purchase the program.

Wolfram Antivirus also configures Windows to use a proxy server. This proxy server intercepts all Internet requests and, instead of displaying the requested web pages, shows fake security alerts stating that the web site the user is visiting is malicious.

This infection also terminates the majority of programs that the user attempts to run. When the user starts an executable, it is automatically closed and the user is then shown a security warning from the Windows taskbar stating that the program is infected. The text of this message is:

Warning!
The file "notepad.exe" is infected. Running of application is impossible. Please activate your antivirus software.

Just like the scan results, this infection message is fake and should be ignored.

While running, Wolfram Antivirus displays a variety of fake security alerts and warnings that are designed to make the user think the computer has a serious security problem. The alerts for this particular variant of the Rogue.WinAVPro family introduce some new alert styles and techniques, such as the Zeus warnings and the E-Mail warning boxes, which are generated frequently.
The text of the alerts that this program shows is listed below:

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Zeus Trojan

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer. Keylogger Zeus was detected and put in quarantine. Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software.

Warning: Spyware Detected
Windows has found spy programs running on your computer! Click here to update your Windows antivirus software

Warning: Infection is Detected
Windows has found spyware infection on your computer! Click here to update your Windows antivirus software
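
The file and proxy changes described under Payload can be turned into a triage check over a host's file listing and proxy values. This is an added example, not code from the original page; the function names, the sample paths, the documentation-range proxy address and the expected-proxy allowlist are assumptions, and the proxy values are assumed to come from the per-user Internet Settings registry key (ProxyEnable, ProxyServer).

```python
import ntpath

# Path indicators from the Payload description (matched case-insensitively).
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# %AppData% on Vista and later, then on XP (assumed default profile layouts).
MAIN_EXE_TAILS = (
    "\\appdata\\roaming\\wolfram antivirus\\wolfram antivirus.exe",
    "\\application data\\wolfram antivirus\\wolfram antivirus.exe",
)

def classify_path(path):
    """Return a finding for one Windows file path, or None if nothing matches."""
    norm = ntpath.normpath(path).lower()
    if ntpath.basename(norm) == "csrss.exe":
        if STARTUP_MARKER in norm:
            return "csrss.exe in a Startup folder (launcher described above)"
        # Assumption: the genuine csrss.exe runs only from \Windows\System32.
        if not norm.endswith("\\windows\\system32\\csrss.exe"):
            return "csrss.exe outside System32 (possible masquerade)"
    if norm.endswith(MAIN_EXE_TAILS):
        return "Wolfram Antivirus main executable under %AppData%"
    return None

def proxy_finding(settings, expected=()):
    """settings: ProxyEnable / ProxyServer values from the Internet Settings key."""
    if int(settings.get("ProxyEnable", 0)) != 1:
        return None
    server = str(settings.get("ProxyServer", "")).strip().lower()
    if server in {e.lower() for e in expected}:
        return None  # a proxy the organisation actually uses
    return "unexpected proxy enabled: " + (server or "<empty>")

def triage(paths, settings, expected_proxies=()):
    findings = [(p, f) for p in paths if (f := classify_path(p))]
    if (pf := proxy_finding(settings, expected_proxies)):
        findings.append(("Internet Settings", pf))
    return findings

# Constructed sample input: a file listing and proxy values from one host.
SAMPLE_PATHS = [
    r"C:\Windows\System32\csrss.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.exe",
    r"C:\Users\alice\AppData\Roaming\Wolfram Antivirus\Wolfram Antivirus.exe",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "192.0.2.10:8080"}

if __name__ == "__main__":
    print(*triage(SAMPLE_PATHS, SAMPLE_PROXY), sep="\n")
```

A csrss.exe hit outside System32 is a lead to review rather than a verdict, since other copies of the file name can exist on disk.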